Even voicemail is susceptible to fraud

In a world of increasing exposure to online security threats, it’s nice to be able to rely on voicemail for risk-free communication. The problem is, you can’t. Your voicemail system can easily be hacked if you don’t take some precautions.

Passwords as passports

In the most common scheme, hackers figure out the passwords for voicemail boxes. Most frequently, they call numbers until they’re transferred to voicemail, and then try different combinations of numbers until they find the password. Once they’re in a voicemail box, they change the greeting to authorize collect or third-party calls.

In some cases, hackers use voicemail to enable lengthy, international conference calls. In others, they distribute the compromised phone numbers to friends and relatives overseas. These individuals can then call the United States, asking that the calls be billed to their “home” numbers. Because such calls are typically placed at times when voicemail is likely to pick up, such as weekends and holidays, the voicemail greeting authorizes the calls and the business is left holding the bill. Phone companies may or may not waive such charges.

Unauthorized calls aren’t the only way that hackers can exploit voicemail. Anyone who gains access to passwords can use them to listen to messages. Thus, hackers can get unlimited access to confidential business information — or employees may even use passwords to monitor their bosses’ messages.

Prevention is essential

Simple precautions can prevent these fraudulent activities. The easiest is to make sure everyone in your company creates a unique password. Fraud perpetrators know that many people either don’t bother to change the default “1234” password or simply use their extension numbers as their passwords.

Changing passwords regularly, just as with computer network logons, is another way to discourage voicemail fraud. Even better, encourage your employees to use six-digit — instead of the more common four-digit — passwords. Hackers would have to try 100,000 combinations to hit on the right one. It’s much easier for them to find default passwords somewhere else.

Another prevention method is to ask employees to routinely check their greetings. Your business may also want to disable international calls, auto-attendant features, call-forwarding and out-paging capabilities.

Endlessly inventive

Fraud perpetrators are endlessly inventive when it comes to scamming individuals and businesses. Contact us for more information on common fraud schemes and how to prevent them.